Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / a935654f0613640535fbf0ba190f81d02a63d35c / . / Lib / crypt.py
blob: 4d73202b468796ca791d4937e1e7adb5ce4ec960 [file] [log] [blame]
Brett Cannondaa57992011-02-22 21:48:06 +0000[diff] [blame]1"""Wrapper to the POSIX crypt library call and associated functionality."""
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +0000[diff] [blame]2
3import _crypt
Christian Heimesafa29732012-06-27 15:36:46 +0200[diff] [blame]4import string as _string
5from random import SystemRandom as _SystemRandom
6from collections import namedtuple as _namedtuple
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +0000[diff] [blame]7
8
Christian Heimesafa29732012-06-27 15:36:46 +0200[diff] [blame]9_saltchars = _string.ascii_letters + _string.digits + './'
10_sr = _SystemRandom()
Brett Cannondaa57992011-02-22 21:48:06 +0000[diff] [blame]11
12
Christian Heimesafa29732012-06-27 15:36:46 +0200[diff] [blame]13class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):
Brett Cannondaa57992011-02-22 21:48:06 +0000[diff] [blame]14
15 """Class representing a salt method per the Modular Crypt Format or the
16 legacy 2-character crypt method."""
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +0000[diff] [blame]17
18 def __repr__(self):
Brett Cannondaa57992011-02-22 21:48:06 +0000[diff] [blame]19 return '<crypt.METHOD_{}>'.format(self.name)
20
21
Serhiy Storchakaeab3ff72017-10-24 19:36:17 +0300[diff] [blame]22def mksalt(method=None, *, log_rounds=12):
Brett Cannondaa57992011-02-22 21:48:06 +0000[diff] [blame]23 """Generate a salt for the specified method.
24
25 If not specified, the strongest available method will be used.
26
27 """
28 if method is None:
29 method = methods[0]
Serhiy Storchakaeab3ff72017-10-24 19:36:17 +0300[diff] [blame]30 if not method.ident:
31 s = ''
32 elif method.ident[0] == '2':
33 s = f'${method.ident}${log_rounds:02d}$'
34 else:
35 s = f'${method.ident}$'
Victor Stinner7f7b9412013-08-14 01:39:14 +0200[diff] [blame]36 s += ''.join(_sr.choice(_saltchars) for char in range(method.salt_chars))
Brett Cannondaa57992011-02-22 21:48:06 +0000[diff] [blame]37 return s
38
39
40def crypt(word, salt=None):
41 """Return a string representing the one-way hash of a password, with a salt
42 prepended.
43
44 If ``salt`` is not specified or is ``None``, the strongest
45 available method will be selected and a salt generated. Otherwise,
46 ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as
47 returned by ``crypt.mksalt()``.
48
49 """
50 if salt is None or isinstance(salt, _Method):
51 salt = mksalt(salt)
52 return _crypt.crypt(word, salt)
Sean Reifscheidere2dfefb2011-02-22 10:55:44 +0000[diff] [blame]53
54
55# available salting/crypto methods
Brett Cannoncfbcdbb2011-02-22 21:55:51 +0000[diff] [blame]56methods = []
Serhiy Storchakaeab3ff72017-10-24 19:36:17 +0300[diff] [blame]57
58def _add_method(name, *args):
59 method = _Method(name, *args)
60 globals()['METHOD_' + name] = method
61 salt = mksalt(method, log_rounds=4)
62 result = crypt('', salt)
63 if result and len(result) == method.total_size:
64 methods.append(method)
65 return True
66 return False
67
68_add_method('SHA512', '6', 16, 106)
69_add_method('SHA256', '5', 16, 63)
70
71# Choose the strongest supported version of Blowfish hashing.
72# Early versions have flaws. Version 'a' fixes flaws of
73# the initial implementation, 'b' fixes flaws of 'a'.
74# 'y' is the same as 'b', for compatibility
75# with openwall crypt_blowfish.
76for _v in 'b', 'y', 'a', '':
77 if _add_method('BLOWFISH', '2' + _v, 22, 59 + len(_v)):
78 break
79
80_add_method('MD5', '1', 8, 34)
81_add_method('CRYPT', None, 2, 13)
82
83del _v, _add_method